Changeset 3448 for branches/2.2/phpgwapi

Timestamp:

11/03/10 08:21:13 (13 years ago)

Author:

rafaelraymundo

Message:

Ticket #990 - Vulnerabilidades no Anti robo Captcha do Login

File:

• branches/2.2/phpgwapi/templates/default/login_default.php (modified) (8 diffs)

branches/2.2/phpgwapi/templates/default/login_default.php

@@ -37 +37 @@
                                 return '<font color="FF0000">' . lang('Blocked, too many attempts(%1)! Retry in %2 minute(s)',$GLOBALS['phpgw_info']['server']['num_unsuccessful_id'],$GLOBALS['phpgw_info']['server']['block_time']) . '</font>';
                         case 200:
-                                return '<font color="FF0000">' . lang('Invalid code') . '</font>';
-                        break;                          
+                            //return '<font color="FF0000">' . lang('Invalid code') . '</font>';
+                            return '<font color="FF0000">' . lang('Bad login or password') . '</font>';
+                            break;
                         case 10:
                                 $GLOBALS['phpgw']->session->phpgw_setcookie('sessionid');
@@ -53 +54 @@
                                 
                         default:
-                                return '&nbsp;';
+                                return '';
                 }
         }
@@ -116 +117 @@
             if($GLOBALS['phpgw_info']['server']['captcha']==1)
               {
-                if(!$_COOKIE['ZABX'])
-                    {
-                        $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5'));
-                    }
                 if($_SESSION['contador'] > $GLOBALS['phpgw_info']['server']['num_badlogin'])
                     {
                         if ($_SESSION['CAPTCHAString'] != trim(strtoupper($_POST['codigo'])))
                                 {
-                                        $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200'));
+                                        if(!$_GET['cd'])
+                                        {
+                                            $_GET['cd'] = '200';
+                                        }
                                 }
                         unset($_SESSION['CAPTCHAString']);
@@ -148 +148 @@
                         !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN']))
                 {
-                        $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5'));
+                        if(!$_GET['cd'])
+                            {
+                                $_GET['cd'] = '5';
+                            }
                 }
                 
@@ -165 +168 @@
                         $login .= '@'.$GLOBALS['phpgw_info']['server']['default_domain'];
                 }
+                If(!$_GET['cd'])
                 $GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create(strtolower($login),$passwd,$passwd_type,'u');
 
                 if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid'])
                 {
-                        $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason);
+
+                       If(!$_GET['cd']) $_GET['cd'] = $GLOBALS['phpgw']->session->cd_reason;
                 }
                 else
@@ -204 +209 @@
                 }
         }
-        else
-        {
+        //else   // =================================================================================
+        //{
             $valor_contador = $_SESSION['contador'];
             $valor_contador = $valor_contador + 1;
@@ -254 +259 @@
                         $tmpl->set_var('lang_message',stripslashes(lang('loginscreen_message')));
                 }
-        }
+        //}
 
         if($GLOBALS['phpgw_info']['server']['use_prefix_organization'])
@@ -413 +418 @@
 
         $tmpl->set_var('autocomplete', ($GLOBALS['phpgw_info']['server']['autocomplete_login'] ? 'autocomplete="off"' : ''));
-
 // soh mostra o captcha se for login sem certificado....
 if($GLOBALS['phpgw_info']['server']['captcha'] && $_GET['cd']!='300' )
     {
-        $aux_captcha = '';
-        setcookie(session_name(),base64_encode(session_convert($key_convert . session_id(),$key_convert)),0);
+        $aux_captcha = '<input type="hidden" name="' . session_name() . '"  value="' . session_id() . '" >';
+//        setcookie(session_name(),base64_encode(session_convert($key_convert . session_id(),$key_convert)),0);
         if($valor_contador > $GLOBALS['phpgw_info']['server']['num_badlogin'])
             {
                 $aux_captcha = '<div class="login_label" >
-                   <img src="./security/captcha.php" title="'.lang('Security code').'" alt="'.lang('Security code').'" style="position:static;"><br/>
+                   <img src="./security/captcha.php?' . session_name() . '=' . session_id() . '" title="'.lang('Security code').'" alt="'.lang('Security code').'" style="position:static;"><br/>
                    <input class="input" type="text" maxlength="50" size="20" name="codigo" id="codigo" value="" >
+                   <input type="hidden" name="' . session_name() . '"  value="' . session_id() . '" >
                    </div>';
-                $tmpl->set_var('captcha',$aux_captcha);
             }
     }
-    
+    $tmpl->set_var('captcha',$aux_captcha);
 // Testa se deve incluir applet para login com certificado......
 if ($_GET['cd']=='300' && $GLOBALS['phpgw_info']['server']['certificado']==1)